Main menu

Integrated Windows Authentication: Getting FireFox to Play Nice

If you protect your web applications using Integrated Windows Authentication (IWA), typical with company Intranets, FireFox will prompt users to provide their network credentials (i.e. their Username and Password) when they try to access the site.

You can side step this by making minor changes to FireFox so that it will negotiate with the web server behind the scenes, effectively performing a “silent login” like Internet Explorer does automatically when accessing IWA protected apps.

IMPORTANT: Your IIS node needs to allow fall back to NTLM Authentication for this to work.

Using the Metabase Manager, part of the IIS Resource Toolkit that is available from Microsoft, will showNegotiate, NTLM under Authentication. If you removed NTLM than this tutorial is a waste of your time

Step 1:

Open FireFox, in the Address Bar type about:config, you will be prompted with a warning like the following.

Step 2:

Click the “I’ll be careful, I promise!” button. In the “Filter” textbox type network.automatic

Step 3:

Select the 2nd option named network.automatic-ntlm-auth.trusted-uris. Enter the values of your Intranet sites, separating them with a comma, and click OK

FireFox will then negotiate your login silently, eliminating the need for the Server Login prompt.